Would it make sense to use Apache Calcite as a security mediator? Has calcite already been used for that purpose? The mediator would parse untrusted SQL queries, reject queries other than SELECT (including any sub-queries), and inject multi-tenancy WHERE filters in every SELECT query, including sub-queries?
More specifically, consider a Druid database which is configured to implement multi-tenancy with shared datasources: https://druid.apache.org/docs/latest/querying/multitenancy.html#partitioning-shared-datasources. Every Druid datasource would have a "tenant_id" attribute that can be used in a Druid-SQL WHERE clause. Thank you. Sebastien